1. Statement of the Technical Field
The present invention relates to the field of role-based security and more particularly to the programmatic application of role-based security to a dynamically generated user interface.
2. Description of the Related Art
Software development models have progressed from the sequential architecture of several decades ago to the object oriented paradigm of today. Additionally, whereas many years ago it would have been reasonable to presume the installation and use of an application within a single platform, today distributed application configurations are the norm. Unlike the single platform model of the past, the modern distributed model presents several challenges both in the design and in the lifecycle maintenance of the distributed application. In particular, today each of developers, database administrators and user-interface designers participate in the development process, oftentimes, independently of each other.
To facilitate the maintenance of the distributed application, the well-known model-view-controller programming design pattern has been adopted for use in developing complex, distributed applications. In the model-view-controller pattern, the data processed within an application can be managed independently of the programming logic used to manipulate the data and to control the operational flow of the application. The user interface, too, can be developed and maintained separately from the data and the programming logic. In this way, user interface changes need not jeopardize the integrity of proving programming logic. Similarly, changes in the underlying programming logic need not affect the proven structure of the user interface.
To separate the presentation layer of an application from the programming logic of the application, dynamic user interface technologies have been developed including Java server pages (JSPs) as will be understood by the skilled artisan. JSPs can be viewed as markup language documents encapsulating program logic intended for execution in a server process external to a content browsing process rendering the markup language documents. In this regard, the encapsulated program logic can dynamically produce renderable output within the markup language document such that the user interface ultimately rendered by the content browser can be defined in real-time when the JSP has been invoked.
While dynamic user interface technologies have proven quite useful in enforcing the separation of the presentation layer from the programming logic layer of an application, separation is only but one concern in the development and deployment of a distributed application. Specifically, security and differential access for different users can be a critical element of a well-defined distributed application. For example, in an enterprise business application, managers may view certain confidential data which assembly-line employees may not. Similarly, corporate officers can modify and view even more sensitive data which managers cannot. Without providing a mechanism for differentially controlling access to different portions of the application, a wide scale deployment of the application will not be possible.
To enforce different access privileges in an application, role-based security principles have been incorporated into several frameworks which implement the programming model of separating the presentation layer from the program logic layer. Generally, different “roles” can be defined for different users of an application. When deploying the application, authorized roles can be listed in association with particular functions or modules of the application so that during the execution of the application, only those users having an authorized role can access the particular functions or modules. To that end, deployment descriptors have proven to be a convenient forum for associating roles with different views and corresponding program logic.
In operation, when an end user attempts to access a particular view, the deployment descriptor for the view can specify particular roles eligible to access the view. As such, the role of the end user can be compared to the specified roles in the deployment descriptor. If the role of the end user has been included in the listing of specified roles permitted to access the view, the view can be rendered for use by the end user. Otherwise, a message can be rendered indicating that the end user has attempted access to a view which the end user has not been authorized to view. While the message can suffice for the occasional attempt to access a view in an unauthorized manner, the end user cannot be faulted where an opportunity to access the view has been presented to the end user.
Specifically, it is well known to render linking user interface elements in one view which have been programmed to invoke another, separate view. Typically presented in the form of a button, the mere selection of the button can invoke the separate view. While access to the initial view may have been permitted based upon the role of the end user, access to the separate view may not be permitted. Yet, a link to the separate view will have been presented nonetheless. Receiving an “unauthorized access” message, then, can be frustrating for the end user and can run counter to well-known principles of the science of human factors.